MPLS L2VPN – Pseudowire Redundancy
Once again, my sincere apologies to the readers for not posting anything the past few months. Things have been so crazy (the good kind) lately, I just could not find the time to blog. I am very grateful for the thousands of frequent readers, and the few dozen who emailed me for feedback and new posts!
I have received a lot of feedback and requests for specific posts; most requests where related to pseudowire redundancy. So I decided to explain the concept of MPLS L2VPN Pseudowire Redundancy.
Today we will configure a completely redundant MPLS circuit. This type of configuration is most likely the result of an eager sales manager who promised the customer a complete fault-proof solution; with a 99,99999% SLA on top of it.
The following diagram contains one customer circuit; with two backup peers to provide complete fault-tolerance. The primary LSP goes from PE_1 to PE_2, then towards the customer. Should PE_2 become unreachable, or any other problem ocours; PE_1 will setup a connection with it’s backup-peer PE_3.
A similar concept is configured on PE_2, with a primary-peer to PE_1 and a backup-peer going to PE_4 in case PE_1 becomes unreachable. Keep in mind that this concept requires two interfaces going towards the customer at each end of the tail.
In this post I will use the RFC1918 IP address range of 192.168.0.0/24. Each PE will be identified by its hostname. For example: PE_1 becomes 192.168.0.1 and PE_2 becomes 192.168.0.2, and so on.
The basic configuration for MPLS, OSPF and interfaces are explained in my previous post. You need to choose a unique VC-ID per circuit; in this example I will use VC-ID 100 for the primary LSP, 101 for the backup LSP on PE_1 and VC-ID 100 for the primary LSP and 102 for the backup LSP on PE-2.
Here we configure the PE_1 router. First configure the primary LSP to PE_2 and the backup peer to PE_3.
PE_1#config t PE_1(config)#interface GigabitEthernet1/2 PE_1(config-if)#no ip address PE_1(config-if)#xconnect 192.168.0.2 100 encapsulation mpls PE_1(config-if)#backup peer 192.168.0.3 101 encapsulation mpls PE_1(config-if)#end PE_1#sh run interface GigabitEthernet1/2 Building configuration... Current configuration : 178 bytes ! interface GigabitEthernet1/2 description "IP-MPLS # Customer X - noc@customer-X.com - Primary Interface" no ip address xconnect 192.168.0.2 100 encapsulation mpls backup peer 192.168.0.3 101 encapsulation mpls end PE_1#
We do the same on PE_2, with a primary LSP to PE_1 and a backup LSP to PE_4
PE_2#config t PE_2(config)#interface GigabitEthernet1/2 PE_2(config-if)#no ip address PE_2(config-if)#xconnect 192.168.0.1 100 encapsulation mpls PE_2(config-if)#backup peer 192.168.0.4 102 encapsulation mpls PE_2(config-if)#end PE_2#sh run interface GigabitEthernet1/2 Building configuration... Current configuration : 178 bytes ! interface GigabitEthernet1/2 description "IP-MPLS # Customer X - noc@customer-X.com - Primary Interface" no ip address xconnect 192.168.0.1 100 encapsulation mpls backup peer 192.168.0.4 102 encapsulation mpls end PE_2#
On the to backup PE routers we just configure a normal LSP to PE_1 and PE_2. These will only become active when one of the primary LSP’s fail.
PE_3#config t PE_3(config)#interface GigabitEthernet1/2 PE_3(config-if)#no ip address PE_3(config-if)#xconnect 192.168.0.1 101 encapsulation mpls PE_3(config-if)#end PE_3#sh run interface GigabitEthernet1/2 Building configuration... Current configuration : 178 bytes ! interface GigabitEthernet1/2 description "IP-MPLS # Customer X - noc@customer-X.com - Backup Interface" no ip address xconnect 192.168.0.1 101 encapsulation mpls end PE_3#
PE_4#config t PE_4(config)#interface GigabitEthernet1/2 PE_4(config-if)#no ip address PE_4(config-if)#xconnect 192.168.0.2 102 encapsulation mpls PE_4(config-if)#end PE_4#sh run interface GigabitEthernet1/2 Building configuration... Current configuration : 178 bytes ! interface GigabitEthernet1/2 description "IP-MPLS # Customer X - noc@customer-X.com - Backup Interface" no ip address xconnect 192.168.0.2 102 encapsulation mpls end PE_4#
You are now able to offer the customer a solution with complete failover in case either PE_1 or PE_2 are out of service. However, you need to pay attention to your network architecture and check weither this kind of failover is advised.
The following example shows that the two backups link may become active when there is massive failure on your P routers or in case your IGP makes a booboo. So, worst case scenario your customer needs to be aware and make the proper modifications on his end.
| tags: CCDE, CCIE, Cisco, IGP, ISP, L2VPN, LDP, MPLS, NGN, Pseudowire Redundancy, Routing, Technology 
[...] to my previous post about Pseudowire Redundancy I will now show how to force a switchover from your primary to backup [...]
what is the reconvergence time in case of failure in this network topology?
I use this in production and it’s usually subsecond. More like a few millisecs. As soon at the interface goes down LDP starts the other circuit.
hello
thanks for y’r post
i have question is there a way to do MPLS L2VPN – Pseudowire Redundancy
from one PE with two paths to the destination PE ,i mean to select the preffered path “output” without TE
thank u
Hi – I came across this after searching for someone who was doing something similar. In my case the failover works great but failback doesn’t. I assume you have this working and have tested failover/failback so I’m just wondering what combination of hardware/software your solution is implemented on?
cheers,
Andrew.